Skip to content

Commit f0475d3

Browse files
backslashxxbackslashxx
committed
process tagging bullshit
for: tiann#3378
1 parent 4a0f5c1 commit f0475d3

1 file changed

Lines changed: 40 additions & 0 deletions

File tree

kernel/hook/core_hook.c

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,21 @@ LSM_HANDLER_TYPE ksu_handle_rename(struct dentry *old_dentry, struct dentry *new
4444
return 0;
4545
}
4646

47+
// https://elixir.bootlin.com/linux/v7.0-rc6/source/include/linux/sched/signal.h#L94
48+
// its free real estate
49+
#define SIGNAL_KSU_MANAGED 0x01000000
50+
#define SIGNAL_KSU_BIT25 0x02000000
51+
#define SIGNAL_KSU_BIT26 0x04000000
52+
#define SIGNAL_KSU_BIT27 0x08000000
53+
#define SIGNAL_KSU_BIT28 0x10000000
54+
#define SIGNAL_KSU_BIT29 0x20000000
55+
#define SIGNAL_KSU_BIT30 0x40000000
56+
#define SIGNAL_KSU_BIT31 0x80000000
57+
58+
// so we can clear everything all at once
59+
// FF XX XX XX
60+
#define SIGNAL_KSU_MASK (0xFF000000)
61+
4762
LSM_HANDLER_TYPE ksu_handle_setuid(struct cred *new, const struct cred *old)
4863
{
4964
if (!new || !old) {
@@ -63,10 +78,22 @@ LSM_HANDLER_TYPE ksu_handle_setuid(struct cred *new, const struct cred *old)
6378
disable_seccomp();
6479
pr_info("install fd for: %d\n", new_uid);
6580
ksu_install_fd(); // install fd for ksu manager
81+
82+
spin_lock_irq(&current->sighand->siglock);
83+
current->signal->flags |= SIGNAL_KSU_MANAGED;
84+
spin_unlock_irq(&current->sighand->siglock);
85+
6686
}
6787

6888
if (unlikely(ksu_is_allow_uid_for_current(new_uid))) {
6989
disable_seccomp();
90+
91+
spin_lock_irq(&current->sighand->siglock);
92+
current->signal->flags |= SIGNAL_KSU_MANAGED;
93+
spin_unlock_irq(&current->sighand->siglock);
94+
95+
// or maybe spin_lock_irqsave + spin_unlock_irqrestore ?
96+
7097
return 0;
7198
}
7299

@@ -80,6 +107,19 @@ LSM_HANDLER_TYPE ksu_bprm_check(struct linux_binprm *bprm)
80107
ksu_sulog_emit_bprm((const char *)bprm->filename);
81108
#endif
82109

110+
if (unlikely(current->signal->flags & SIGNAL_KSU_MANAGED)) {
111+
pr_info("%s: ksu managed task found with pid: %d comm: %s \n", __func__, current->pid, current->comm);
112+
113+
// untag
114+
spin_lock_irq(&current->sighand->siglock);
115+
current->signal->flags &= ~SIGNAL_KSU_MASK;
116+
spin_unlock_irq(&current->sighand->siglock);
117+
118+
// or maybe spin_lock_irqsave + spin_unlock_irqrestore ?
119+
120+
return 0;
121+
}
122+
83123
if (likely(!ksu_execveat_hook))
84124
return 0;
85125

0 commit comments

Comments
 (0)